f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
Size

184KB
MD5

868a35f22eb6e841bf0ff924759aedaf
SHA1

c3c0636e66e74248283d1e398642c476de477730
SHA256

f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c
SHA512

b97e520de1415427ce2048805ed488de23672a7bd5578e159c142ff411bc68f6754693b0dbb382a151a791b37678a0b561771fcb20522d490958ef2dc25d77de
SSDEEP

3072:WheVgHoJC+4+EfjOWFnmiPoFbvuqnviu:Whnourfjvm4oFbGqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1804	Unicorn-13962.exe
2384	Unicorn-49370.exe
1296	Unicorn-29504.exe
2772	Unicorn-31228.exe
3068	Unicorn-27698.exe
2552	Unicorn-47564.exe
2732	Unicorn-41434.exe
2972	Unicorn-18779.exe
2588	Unicorn-10610.exe
2800	Unicorn-25721.exe
2840	Unicorn-53755.exe
2500	Unicorn-7081.exe
2816	Unicorn-39457.exe
1752	Unicorn-53490.exe
2864	Unicorn-45587.exe
3008	Unicorn-41114.exe
2324	Unicorn-37584.exe
2008	Unicorn-48322.exe
2272	Unicorn-58528.exe
2868	Unicorn-56490.exe
1476	Unicorn-63896.exe
1060	Unicorn-7289.exe
2284	Unicorn-52961.exe
1096	Unicorn-23361.exe
1136	Unicorn-23626.exe
1504	Unicorn-11928.exe
1000	Unicorn-42000.exe
876	Unicorn-39962.exe
572	Unicorn-34420.exe
580	Unicorn-52794.exe
1756	Unicorn-11368.exe
1456	Unicorn-32151.exe
1588	Unicorn-21841.exe
3060	Unicorn-54513.exe
1880	Unicorn-42815.exe
2356	Unicorn-7350.exe
2988	Unicorn-13480.exe
2752	Unicorn-37720.exe
2664	Unicorn-18119.exe
2708	Unicorn-54321.exe
2568	Unicorn-61721.exe
2672	Unicorn-12520.exe
2524	Unicorn-20423.exe
2540	Unicorn-823.exe
1988	Unicorn-22726.exe
2168	Unicorn-8991.exe
1868	Unicorn-28857.exe
1816	Unicorn-37025.exe
1812	Unicorn-25327.exe
2232	Unicorn-27895.exe
1996	Unicorn-53361.exe
1860	Unicorn-60767.exe
896	Unicorn-62427.exe
2092	Unicorn-50730.exe
1980	Unicorn-13226.exe
2492	Unicorn-30066.exe
816	Unicorn-5634.exe
2468	Unicorn-59474.exe
1480	Unicorn-48587.exe
1508	Unicorn-50625.exe
1780	Unicorn-13646.exe
1272	Unicorn-33512.exe
1904	Unicorn-47819.exe
300	Unicorn-1917.exe

Loads dropped DLL 64 IoCs

pid	Process
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
1804	Unicorn-13962.exe
1804	Unicorn-13962.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
1296	Unicorn-29504.exe
1296	Unicorn-29504.exe
1804	Unicorn-13962.exe
1804	Unicorn-13962.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
2384	Unicorn-49370.exe
2384	Unicorn-49370.exe
2772	Unicorn-31228.exe
3068	Unicorn-27698.exe
2772	Unicorn-31228.exe
3068	Unicorn-27698.exe
1296	Unicorn-29504.exe
2384	Unicorn-49370.exe
1804	Unicorn-13962.exe
2384	Unicorn-49370.exe
2732	Unicorn-41434.exe
2552	Unicorn-47564.exe
2732	Unicorn-41434.exe
1296	Unicorn-29504.exe
1804	Unicorn-13962.exe
2552	Unicorn-47564.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
2972	Unicorn-18779.exe
2972	Unicorn-18779.exe
3068	Unicorn-27698.exe
3068	Unicorn-27698.exe
2800	Unicorn-25721.exe
2800	Unicorn-25721.exe
1752	Unicorn-53490.exe
2384	Unicorn-49370.exe
1752	Unicorn-53490.exe
2384	Unicorn-49370.exe
2816	Unicorn-39457.exe
2816	Unicorn-39457.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
2732	Unicorn-41434.exe
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
2732	Unicorn-41434.exe
1804	Unicorn-13962.exe
1804	Unicorn-13962.exe
2588	Unicorn-10610.exe
2588	Unicorn-10610.exe
2552	Unicorn-47564.exe
2552	Unicorn-47564.exe
2500	Unicorn-7081.exe
1296	Unicorn-29504.exe
2500	Unicorn-7081.exe
1296	Unicorn-29504.exe
324	WerFault.exe
324	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
900	WerFault.exe
900	WerFault.exe
2296	WerFault.exe
324	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2296	2840	WerFault.exe	40
900	2864	WerFault.exe	41
324	2772	WerFault.exe	31
2352	2272	WerFault.exe	48
2520	1000	WerFault.exe	58
2656	2664	WerFault.exe	70
2968	1504	WerFault.exe	55
2900	2708	WerFault.exe	71
2912	1816	WerFault.exe	80
2128	1476	WerFault.exe	50
2680	2488	WerFault.exe	117
2600	1312	WerFault.exe	115
1832	2120	WerFault.exe	132
1692	1592	WerFault.exe	114
2320	2280	WerFault.exe	130
1928	920	WerFault.exe	131
1584	1988	WerFault.exe	77
2828	1860	WerFault.exe	84
3184	2628	WerFault.exe	133
3104	1920	WerFault.exe	147
3220	1656	WerFault.exe	152
3216	2484	WerFault.exe	139
3548	1596	WerFault.exe	144
3776	1588	WerFault.exe	63
3764	2908	WerFault.exe	170
4428	3060	WerFault.exe	64
4804	1652	WerFault.exe	128
4160	3700	WerFault.exe	290
5064	1060	WerFault.exe	49
4128	1712	WerFault.exe	121
4552	1532	WerFault.exe	146
4640	328	WerFault.exe	161
5904	2716	WerFault.exe	178
5708	1240	WerFault.exe	195
5752	3504	WerFault.exe	220
5852	1516	WerFault.exe	125
6104	3852	WerFault.exe	252
6076	2672	WerFault.exe	74
5512	2592	WerFault.exe	163
5420	636	WerFault.exe	171
5392	3312	WerFault.exe	270
6192	4036	WerFault.exe	268
6360	2804	WerFault.exe	113
6676	1980	WerFault.exe	87
6720	2752	WerFault.exe	69
6816	2232	WerFault.exe	82
6800	1284	WerFault.exe	118
6408	2492	WerFault.exe	88
6516	1700	WerFault.exe	173
6248	2792	WerFault.exe	174
7728	2736	WerFault.exe	199
7720	3708	WerFault.exe	264
7908	816	WerFault.exe	89
8084	2404	WerFault.exe	138
8132	2696	WerFault.exe	108
7436	2684	WerFault.exe	107
7432	1660	WerFault.exe	119
7960	3144	WerFault.exe	209
7888	3292	WerFault.exe	213
7220	7604	WerFault.exe	714
8124	7600	WerFault.exe	715
7340	3616	WerFault.exe	247
8632	2156	WerFault.exe	145
8712	2580	WerFault.exe	154

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
1804	Unicorn-13962.exe
2384	Unicorn-49370.exe
1296	Unicorn-29504.exe
2772	Unicorn-31228.exe
2552	Unicorn-47564.exe
3068	Unicorn-27698.exe
2732	Unicorn-41434.exe
2972	Unicorn-18779.exe
2800	Unicorn-25721.exe
2500	Unicorn-7081.exe
1752	Unicorn-53490.exe
2816	Unicorn-39457.exe
2864	Unicorn-45587.exe
2840	Unicorn-53755.exe
2588	Unicorn-10610.exe
3008	Unicorn-41114.exe
2324	Unicorn-37584.exe
2008	Unicorn-48322.exe
2272	Unicorn-58528.exe
1476	Unicorn-63896.exe
1136	Unicorn-23626.exe
1096	Unicorn-23361.exe
2868	Unicorn-56490.exe
1060	Unicorn-7289.exe
2284	Unicorn-52961.exe
1504	Unicorn-11928.exe
1000	Unicorn-42000.exe
876	Unicorn-39962.exe
572	Unicorn-34420.exe
580	Unicorn-52794.exe
1756	Unicorn-11368.exe
1456	Unicorn-32151.exe
1588	Unicorn-21841.exe
3060	Unicorn-54513.exe
1880	Unicorn-42815.exe
2356	Unicorn-7350.exe
2988	Unicorn-13480.exe
2664	Unicorn-18119.exe
2752	Unicorn-37720.exe
2568	Unicorn-61721.exe
2672	Unicorn-12520.exe
2708	Unicorn-54321.exe
2524	Unicorn-20423.exe
2540	Unicorn-823.exe
1868	Unicorn-28857.exe
2168	Unicorn-8991.exe
1988	Unicorn-22726.exe
1816	Unicorn-37025.exe
1812	Unicorn-25327.exe
2232	Unicorn-27895.exe
1996	Unicorn-53361.exe
1860	Unicorn-60767.exe
896	Unicorn-62427.exe
2092	Unicorn-50730.exe
1980	Unicorn-13226.exe
2492	Unicorn-30066.exe
816	Unicorn-5634.exe
2468	Unicorn-59474.exe
1480	Unicorn-48587.exe
1508	Unicorn-50625.exe
1780	Unicorn-13646.exe
1272	Unicorn-33512.exe
1904	Unicorn-47819.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 1804	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	28
PID 1500 wrote to memory of 1804	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	28
PID 1500 wrote to memory of 1804	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	28
PID 1500 wrote to memory of 1804	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	28
PID 1804 wrote to memory of 2384	1804	Unicorn-13962.exe	29
PID 1804 wrote to memory of 2384	1804	Unicorn-13962.exe	29
PID 1804 wrote to memory of 2384	1804	Unicorn-13962.exe	29
PID 1804 wrote to memory of 2384	1804	Unicorn-13962.exe	29
PID 1500 wrote to memory of 1296	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	30
PID 1500 wrote to memory of 1296	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	30
PID 1500 wrote to memory of 1296	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	30
PID 1500 wrote to memory of 1296	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	30
PID 1296 wrote to memory of 2772	1296	Unicorn-29504.exe	31
PID 1296 wrote to memory of 2772	1296	Unicorn-29504.exe	31
PID 1296 wrote to memory of 2772	1296	Unicorn-29504.exe	31
PID 1296 wrote to memory of 2772	1296	Unicorn-29504.exe	31
PID 1804 wrote to memory of 3068	1804	Unicorn-13962.exe	32
PID 1804 wrote to memory of 3068	1804	Unicorn-13962.exe	32
PID 1804 wrote to memory of 3068	1804	Unicorn-13962.exe	32
PID 1804 wrote to memory of 3068	1804	Unicorn-13962.exe	32
PID 1500 wrote to memory of 2732	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	33
PID 1500 wrote to memory of 2732	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	33
PID 1500 wrote to memory of 2732	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	33
PID 1500 wrote to memory of 2732	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	33
PID 2384 wrote to memory of 2552	2384	Unicorn-49370.exe	34
PID 2384 wrote to memory of 2552	2384	Unicorn-49370.exe	34
PID 2384 wrote to memory of 2552	2384	Unicorn-49370.exe	34
PID 2384 wrote to memory of 2552	2384	Unicorn-49370.exe	34
PID 2772 wrote to memory of 2588	2772	Unicorn-31228.exe	35
PID 2772 wrote to memory of 2588	2772	Unicorn-31228.exe	35
PID 2772 wrote to memory of 2588	2772	Unicorn-31228.exe	35
PID 2772 wrote to memory of 2588	2772	Unicorn-31228.exe	35
PID 3068 wrote to memory of 2972	3068	Unicorn-27698.exe	36
PID 3068 wrote to memory of 2972	3068	Unicorn-27698.exe	36
PID 3068 wrote to memory of 2972	3068	Unicorn-27698.exe	36
PID 3068 wrote to memory of 2972	3068	Unicorn-27698.exe	36
PID 2732 wrote to memory of 2840	2732	Unicorn-41434.exe	40
PID 2732 wrote to memory of 2840	2732	Unicorn-41434.exe	40
PID 2732 wrote to memory of 2840	2732	Unicorn-41434.exe	40
PID 2732 wrote to memory of 2840	2732	Unicorn-41434.exe	40
PID 2384 wrote to memory of 2800	2384	Unicorn-49370.exe	38
PID 2384 wrote to memory of 2800	2384	Unicorn-49370.exe	38
PID 2384 wrote to memory of 2800	2384	Unicorn-49370.exe	38
PID 2384 wrote to memory of 2800	2384	Unicorn-49370.exe	38
PID 1296 wrote to memory of 2500	1296	Unicorn-29504.exe	37
PID 1296 wrote to memory of 2500	1296	Unicorn-29504.exe	37
PID 1296 wrote to memory of 2500	1296	Unicorn-29504.exe	37
PID 1296 wrote to memory of 2500	1296	Unicorn-29504.exe	37
PID 1804 wrote to memory of 2816	1804	Unicorn-13962.exe	39
PID 1804 wrote to memory of 2816	1804	Unicorn-13962.exe	39
PID 1804 wrote to memory of 2816	1804	Unicorn-13962.exe	39
PID 1804 wrote to memory of 2816	1804	Unicorn-13962.exe	39
PID 2552 wrote to memory of 2864	2552	Unicorn-47564.exe	41
PID 2552 wrote to memory of 2864	2552	Unicorn-47564.exe	41
PID 2552 wrote to memory of 2864	2552	Unicorn-47564.exe	41
PID 2552 wrote to memory of 2864	2552	Unicorn-47564.exe	41
PID 1500 wrote to memory of 1752	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	42
PID 1500 wrote to memory of 1752	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	42
PID 1500 wrote to memory of 1752	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	42
PID 1500 wrote to memory of 1752	1500	f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe	42
PID 2972 wrote to memory of 3008	2972	Unicorn-18779.exe	43
PID 2972 wrote to memory of 3008	2972	Unicorn-18779.exe	43
PID 2972 wrote to memory of 3008	2972	Unicorn-18779.exe	43
PID 2972 wrote to memory of 3008	2972	Unicorn-18779.exe	43

C:\Users\Admin\AppData\Local\Temp\f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe
"C:\Users\Admin\AppData\Local\Temp\f916d985604194a8a542f29f3c20b98f573d0cf2e07e4abe7c6e221807c65d2c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        9⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        9⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 224
        9⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        8⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
        8⤵
        
        PID:6128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        8⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20593.exe
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30942.exe
        8⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21708.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59296.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        8⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        8⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        8⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57654.exe
        8⤵
        
        PID:10372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        7⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
        7⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-245.exe
        7⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        7⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15252.exe
        7⤵
        
        PID:11564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 248
        6⤵
        Program crash
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        6⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
        7⤵
        Program crash
        
        PID:1692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 228
        6⤵
        Program crash
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41799.exe
        5⤵
        
        PID:2488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
        6⤵
        Program crash
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
        5⤵
        
        PID:2908
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 244
        6⤵
        Program crash
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        5⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        5⤵
        
        PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        5⤵
        
        PID:8228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 248
        5⤵
        
        PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        7⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        8⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        9⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        9⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 248
        9⤵
        
        PID:9592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        8⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
        8⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 244
        8⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        8⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        8⤵
        
        PID:8076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        8⤵
        
        PID:8968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        8⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        7⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        7⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        7⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49653.exe
        7⤵
        
        PID:11940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63818.exe
        8⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        8⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        8⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
        7⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        7⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        7⤵
        
        PID:10784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        6⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
        7⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
        7⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        7⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 248
        7⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25269.exe
        6⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
        6⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29407.exe
        6⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25789.exe
        6⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
        6⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 224
        6⤵
        Program crash
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        5⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8258.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        7⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 228
        7⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
        6⤵
        
        PID:4384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23794.exe
        6⤵
        
        PID:7876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
        6⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63018.exe
        6⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
        5⤵
        
        PID:3404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        6⤵
        
        PID:4176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        6⤵
        
        PID:5848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        6⤵
        
        PID:7480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 228
        6⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15658.exe
        5⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39377.exe
        5⤵
        
        PID:10728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        5⤵
        Program crash
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58400.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        7⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        7⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        7⤵
        
        PID:10896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 248
        6⤵
        Program crash
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40348.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44011.exe
        6⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4124.exe
        6⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25018.exe
        5⤵
        
        PID:4372
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 248
        5⤵
        Program crash
        
        PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42179.exe
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48460.exe
        5⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        6⤵
        
        PID:5112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        6⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
        6⤵
        
        PID:7384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
        6⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        5⤵
        
        PID:4148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 224
        5⤵
        Program crash
        
        PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34535.exe
      4⤵
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        5⤵
        
        PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        5⤵
        
        PID:6436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 220
        5⤵
        
        PID:8740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
      4⤵
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
      4⤵
      PID:7760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
      4⤵
      PID:10284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52186.exe
        8⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 220
        9⤵
        Program crash
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27686.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
        9⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 228
        9⤵
        Program crash
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        8⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 244
        8⤵
        Program crash
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48657.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        9⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        9⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12538.exe
        9⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
        9⤵
        
        PID:11352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        8⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        8⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
        8⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
        8⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41635.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        8⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13818.exe
        8⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        8⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        8⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        7⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
        7⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        7⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        7⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
        7⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        9⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
        9⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 144
        10⤵
        Program crash
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 224
        9⤵
        
        PID:9924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
        8⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        8⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        8⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 224
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        7⤵
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 224
        8⤵
        Program crash
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        7⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        7⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        7⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        6⤵
        
        PID:1596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        7⤵
        Program crash
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        6⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43213.exe
        7⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        7⤵
        
        PID:11424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22348.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19713.exe
        6⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        6⤵
        
        PID:9100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
        6⤵
        
        PID:9332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2793.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45523.exe
        8⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25564.exe
        9⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
        9⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        8⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
        8⤵
        Program crash
        
        PID:8632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        7⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        8⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5740.exe
        8⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59165.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44421.exe
        7⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 244
        7⤵
        
        PID:8992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64801.exe
        6⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29805.exe
        8⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17690.exe
        8⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        8⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        8⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        8⤵
        
        PID:11596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 228
        7⤵
        Program crash
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48137.exe
        6⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
        7⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-83.exe
        7⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        7⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
        7⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
        6⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6534.exe
        6⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        6⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
        6⤵
        
        PID:9288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39855.exe
        6⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        6⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
        7⤵
        Program crash
        
        PID:3104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43337.exe
        6⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        7⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
        7⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 220
        7⤵
        
        PID:11192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4073.exe
        6⤵
        
        PID:7056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        6⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5436.exe
        6⤵
        
        PID:9412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        5⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        6⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25029.exe
        7⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
        7⤵
        
        PID:8308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
        7⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1984.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19806.exe
        6⤵
        
        PID:6384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61697.exe
        6⤵
        
        PID:8436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 244
        6⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61097.exe
        5⤵
        
        PID:3260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 240
        6⤵
        
        PID:9048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        5⤵
        
        PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        5⤵
        
        PID:9692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        7⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 224
        8⤵
        Program crash
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5267.exe
        8⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        8⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
        8⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        8⤵
        
        PID:11896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33570.exe
        7⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24136.exe
        7⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11018.exe
        7⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        7⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        7⤵
        
        PID:12124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        6⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
        8⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
        8⤵
        
        PID:8952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
        8⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43187.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16926.exe
        7⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
        7⤵
        
        PID:7640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
        7⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
        6⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        7⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
        7⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        7⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
        7⤵
        
        PID:10160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        6⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3353.exe
        6⤵
        
        PID:6400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        6⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        6⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        6⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64163.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
        8⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
        8⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
        8⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4013.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62676.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
        7⤵
        
        PID:8848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        7⤵
        
        PID:9424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
        6⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
        7⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        6⤵
        
        PID:6392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        6⤵
        
        PID:9092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        6⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
        5⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54459.exe
        6⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15274.exe
        7⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        7⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17928.exe
        7⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 248
        7⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22409.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        6⤵
        
        PID:5352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 248
        6⤵
        Program crash
        
        PID:8084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        6⤵
        
        PID:6260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        6⤵
        
        PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        5⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53562.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3651.exe
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
        5⤵
        
        PID:11760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52794.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59285.exe
        6⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        8⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        8⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
        8⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        8⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6353.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4967.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41211.exe
        7⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        7⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        6⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
        7⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28125.exe
        7⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46902.exe
        7⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        6⤵
        
        PID:4576
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        6⤵
        Program crash
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23960.exe
        5⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        6⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45072.exe
        7⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        7⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        7⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
        7⤵
        
        PID:10168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
        6⤵
        
        PID:5016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        6⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        6⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        6⤵
        
        PID:9824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        6⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
        5⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        5⤵
        
        PID:7068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58064.exe
        5⤵
        
        PID:9120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
        5⤵
        
        PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        5⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56488.exe
        6⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        7⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
        7⤵
        
        PID:9280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        7⤵
        
        PID:10320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44420.exe
        6⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
        6⤵
        
        PID:8704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
        6⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
        5⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55771.exe
        6⤵
        
        PID:7228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6861.exe
        6⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        6⤵
        
        PID:11232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        5⤵
        
        PID:4628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        5⤵
        Program crash
        
        PID:6408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35087.exe
      4⤵
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28532.exe
        6⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        6⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10869.exe
        6⤵
        
        PID:10772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58969.exe
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3086.exe
        5⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10576.exe
        5⤵
        
        PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
        5⤵
        
        PID:9764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61666.exe
      4⤵
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        5⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        5⤵
        
        PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
      4⤵
      PID:4344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
      4⤵
      PID:6276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26696.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
      4⤵
      PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
      4⤵
      PID:11752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
        6⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 220
        7⤵
        Program crash
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        6⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
        7⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 228
        7⤵
        Program crash
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        6⤵
        
        PID:4632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        6⤵
        Program crash
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57718.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-687.exe
        7⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64566.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59635.exe
        7⤵
        
        PID:11012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
        6⤵
        
        PID:4912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        6⤵
        
        PID:6288
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 228
        6⤵
        Program crash
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29003.exe
        5⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        6⤵
        
        PID:5568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 228
        6⤵
        Program crash
        
        PID:7728
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        5⤵
        Program crash
        
        PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
        5⤵
        
        PID:920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 224
        6⤵
        Program crash
        
        PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        5⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25981.exe
        6⤵
        
        PID:5832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        6⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
        6⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
        5⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        5⤵
        
        PID:7980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
        5⤵
        
        PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
      4⤵
      PID:2120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 224
        5⤵
        Program crash
        
        PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        5⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
        5⤵
        
        PID:7672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61188.exe
        5⤵
        
        PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57252.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51169.exe
      4⤵
      PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      4⤵
      PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
      4⤵
      PID:8408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
      4⤵
      PID:11160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        6⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        7⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 224
        8⤵
        Program crash
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50012.exe
        7⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56506.exe
        7⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        7⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35777.exe
        7⤵
        
        PID:9712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        7⤵
        
        PID:11620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58278.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37011.exe
        6⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55819.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34263.exe
        6⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
        5⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
        6⤵
        
        PID:4252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        6⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        6⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51521.exe
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        6⤵
        
        PID:11156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26933.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        5⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        5⤵
        
        PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14546.exe
        5⤵
        
        PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47855.exe
      4⤵
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40889.exe
        5⤵
        
        PID:2716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        6⤵
        Program crash
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14350.exe
        5⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49757.exe
        5⤵
        
        PID:6016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        5⤵
        Program crash
        
        PID:8132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
      4⤵
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10007.exe
        5⤵
        
        PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62854.exe
        5⤵
        
        PID:1540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 224
        5⤵
        
        PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
      4⤵
      PID:5068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
      4⤵
      PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30305.exe
      4⤵
      PID:6636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
      4⤵
      PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3488.exe
      4⤵
      PID:10960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
      4⤵
      PID:2280
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 224
        5⤵
        Program crash
        
        PID:2320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
      4⤵
      Program crash
      PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33510.exe
    3⤵
    PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
        5⤵
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22698.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23725.exe
        5⤵
        
        PID:8432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3418.exe
        5⤵
        
        PID:10956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
      4⤵
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
      4⤵
      PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
      4⤵
      PID:11388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
    3⤵
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59016.exe
      4⤵
      PID:5996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62662.exe
      4⤵
      PID:1300
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
      4⤵
      PID:8596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
    3⤵
    PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18818.exe
    3⤵
    PID:5676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
    3⤵
    PID:7916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
    3⤵
    PID:9436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44943.exe
    3⤵
    PID:11460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28857.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        8⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 220
        9⤵
        Program crash
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        8⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 224
        8⤵
        Program crash
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        8⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46574.exe
        8⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        8⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        8⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        7⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60020.exe
        7⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22384.exe
        7⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        7⤵
        
        PID:12084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
        6⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
        7⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
        8⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        8⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12000.exe
        8⤵
        
        PID:10256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        7⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
        7⤵
        Program crash
        
        PID:6800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        6⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
        7⤵
        
        PID:4132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
        7⤵
        Program crash
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23754.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        6⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        6⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61367.exe
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        6⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        6⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26390.exe
        7⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        8⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        8⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63637.exe
        8⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22682.exe
        8⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60292.exe
        7⤵
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        7⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
        7⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        7⤵
        
        PID:9356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 248
        7⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
        7⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        7⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        7⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42777.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        6⤵
        
        PID:7256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 248
        6⤵
        
        PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        6⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        7⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 248
        7⤵
        Program crash
        
        PID:6516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        6⤵
        Program crash
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
        6⤵
        
        PID:7000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe
        6⤵
        
        PID:8384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36615.exe
        6⤵
        
        PID:10484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        5⤵
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55310.exe
        5⤵
        
        PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
        5⤵
        
        PID:7576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
        5⤵
        
        PID:11344
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 248
      4⤵
      Loads dropped DLL
      Program crash
      PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39962.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 224
        6⤵
        Program crash
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        5⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        6⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23848.exe
        7⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        7⤵
        
        PID:6536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64182.exe
        7⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        7⤵
        
        PID:10908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        6⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16969.exe
        6⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
        6⤵
        
        PID:10044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32950.exe
        6⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        5⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
        6⤵
        
        PID:4368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        6⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        6⤵
        
        PID:9984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        6⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        5⤵
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4313.exe
        5⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8489.exe
        5⤵
        
        PID:7696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        5⤵
        
        PID:10192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        5⤵
        
        PID:11368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-823.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        5⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        7⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26467.exe
        6⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64290.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8910.exe
        6⤵
        
        PID:8048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        6⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        6⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23683.exe
        6⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        6⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        6⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        5⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
        5⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
        5⤵
        
        PID:7328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 228
        5⤵
        
        PID:9260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
      4⤵
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16686.exe
        5⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40397.exe
        6⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3487.exe
        6⤵
        
        PID:7744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
        6⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
        6⤵
        
        PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        5⤵
        
        PID:6352
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 248
        5⤵
        Program crash
        
        PID:7436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20610.exe
        5⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        5⤵
        
        PID:7500
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 224
        5⤵
        
        PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36634.exe
      4⤵
      PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
      4⤵
      PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
      4⤵
      PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
      4⤵
      PID:10232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
      4⤵
      PID:11912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 224
      4⤵
      Program crash
      PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
      4⤵
      PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        5⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
        6⤵
        
        PID:6560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        6⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        6⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36633.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63872.exe
        5⤵
        
        PID:5868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
        5⤵
        
        PID:7544
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 244
        5⤵
        
        PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
      4⤵
      PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62425.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        5⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
        5⤵
        
        PID:8232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11582.exe
        5⤵
        
        PID:11236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50047.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
      4⤵
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
      4⤵
      PID:7192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51500.exe
      4⤵
      PID:11032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51257.exe
      4⤵
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14994.exe
        5⤵
        
        PID:5812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
        5⤵
        Program crash
        
        PID:6248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
      4⤵
      PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
      4⤵
      PID:8140
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
      4⤵
      PID:9856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
    3⤵
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22587.exe
      4⤵
      PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
      4⤵
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
      4⤵
      PID:10852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
    3⤵
    PID:4948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23385.exe
    3⤵
    PID:7472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47274.exe
    3⤵
    PID:10180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
    3⤵
    PID:11324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54513.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59360.exe
        5⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
        6⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25388.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
        7⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12356.exe
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        7⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        6⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54107.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        7⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        7⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63052.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33425.exe
        6⤵
        
        PID:6528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 244
        6⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        5⤵
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        6⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
        7⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20285.exe
        7⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
        7⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        6⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
        6⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        6⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        6⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
        6⤵
        
        PID:4104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33032.exe
        6⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
        6⤵
        
        PID:7524
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 228
        6⤵
        
        PID:9600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        5⤵
        Program crash
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36831.exe
        6⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19650.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        7⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        7⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        7⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
        6⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
        6⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        6⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        6⤵
        
        PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        6⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
        5⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        5⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35019.exe
        5⤵
        
        PID:8684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        5⤵
        
        PID:10364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31940.exe
      4⤵
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
        5⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32187.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
        6⤵
        
        PID:5560
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 224
        6⤵
        Program crash
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        5⤵
        
        PID:4772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55698.exe
        5⤵
        
        PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        5⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
        5⤵
        
        PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
      4⤵
      PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46333.exe
        5⤵
        
        PID:4524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        5⤵
        Program crash
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22218.exe
      4⤵
      PID:4392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
      4⤵
      PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
      4⤵
      PID:8172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
      4⤵
      PID:10156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
      4⤵
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37770.exe
        5⤵
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42970.exe
        6⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        7⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
        7⤵
        Program crash
        
        PID:6192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
        6⤵
        Program crash
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        5⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-259.exe
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57303.exe
        5⤵
        
        PID:9168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        5⤵
        
        PID:10968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43477.exe
      4⤵
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        5⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39529.exe
        6⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25416.exe
        6⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16260.exe
        5⤵
        
        PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
        5⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19418.exe
        5⤵
        
        PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23108.exe
      4⤵
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        5⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
        5⤵
        
        PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        5⤵
        
        PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        5⤵
        
        PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45181.exe
      4⤵
      PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57816.exe
      4⤵
      PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14577.exe
      4⤵
      PID:11172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
    3⤵
    PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        5⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
        6⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        6⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
        6⤵
        
        PID:9524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14016.exe
        6⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64895.exe
        5⤵
        
        PID:4812
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 224
        5⤵
        Program crash
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23234.exe
      4⤵
      PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4081.exe
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        5⤵
        
        PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13751.exe
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
      4⤵
      PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
      4⤵
      PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
      4⤵
      PID:9172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48549.exe
      4⤵
      PID:10736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
    3⤵
    PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28279.exe
      4⤵
      PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42492.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
      4⤵
      PID:6992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12164.exe
      4⤵
      PID:7412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
      4⤵
      PID:10244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34930.exe
    3⤵
    PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7018.exe
      4⤵
      PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
      4⤵
      PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8904.exe
      4⤵
      PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
      4⤵
      PID:10744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
    3⤵
    PID:5492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
    3⤵
    PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
    3⤵
    PID:8784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
    3⤵
    PID:10552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56490.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27682.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        8⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
        8⤵
        
        PID:9040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7963.exe
        8⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34464.exe
        7⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        7⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
        7⤵
        
        PID:10024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3457.exe
        6⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34650.exe
        7⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        7⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9772.exe
        6⤵
        
        PID:5092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36061.exe
        6⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43904.exe
        6⤵
        
        PID:8792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 248
        6⤵
        
        PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
        5⤵
        
        PID:1656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 220
        6⤵
        Program crash
        
        PID:3220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        5⤵
        Program crash
        
        PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40749.exe
        6⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        7⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17160.exe
        7⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        7⤵
        
        PID:9800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
        7⤵
        
        PID:10864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57733.exe
        6⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        6⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        6⤵
        
        PID:9884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 228
        6⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        5⤵
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6886.exe
        6⤵
        
        PID:6920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        6⤵
        
        PID:8288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
        6⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20374.exe
        5⤵
        
        PID:4260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        5⤵
        
        PID:6708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        5⤵
        
        PID:8972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53900.exe
        5⤵
        
        PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
      4⤵
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
        5⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
        6⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
        6⤵
        
        PID:8496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29981.exe
        6⤵
        
        PID:10584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36472.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        5⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
        5⤵
        
        PID:8036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7822.exe
        5⤵
        
        PID:9252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        5⤵
        
        PID:11416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
      4⤵
      PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe
        5⤵
        
        PID:6460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        5⤵
        
        PID:8040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 220
        5⤵
        
        PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55384.exe
      4⤵
      PID:5096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
      4⤵
      PID:6188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
      4⤵
      PID:8316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28347.exe
      4⤵
      PID:9752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42815.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
        5⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        6⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        7⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
        7⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        7⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        7⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        7⤵
        
        PID:10672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
        6⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23088.exe
        6⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14018.exe
        6⤵
        
        PID:8768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44652.exe
        6⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48949.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        6⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58619.exe
        6⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
        6⤵
        
        PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        5⤵
        
        PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64992.exe
        5⤵
        
        PID:9320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
        5⤵
        
        PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        6⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        6⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52780.exe
        5⤵
        
        PID:6748
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 228
        5⤵
        Program crash
        
        PID:8712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
      4⤵
      PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62695.exe
        5⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
        5⤵
        
        PID:7176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        5⤵
        
        PID:9012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50970.exe
        5⤵
        
        PID:11048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
      4⤵
      PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27570.exe
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20303.exe
      4⤵
      PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46881.exe
      4⤵
      PID:11260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
    3⤵
    - Executes dropped EXE
    PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45554.exe
      4⤵
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64333.exe
        6⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        6⤵
        
        PID:8800
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 220
        6⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        5⤵
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        5⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
        5⤵
        
        PID:10272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
      4⤵
      PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41452.exe
        5⤵
        
        PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9227.exe
        5⤵
        
        PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20539.exe
        5⤵
        
        PID:10696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
      4⤵
      PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
      4⤵
      PID:7264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59953.exe
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
      4⤵
      PID:11244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62694.exe
    3⤵
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53167.exe
      4⤵
      PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
        5⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63140.exe
        5⤵
        
        PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63220.exe
        5⤵
        
        PID:10596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
      4⤵
      PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27559.exe
      4⤵
      PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
      4⤵
      PID:8844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
      4⤵
      PID:10500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
    3⤵
    PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      4⤵
      PID:9868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28641.exe
    3⤵
    PID:5584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
    3⤵
    PID:6152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
    3⤵
    PID:8672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45189.exe
    3⤵
    PID:10344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63896.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 224
      4⤵
      Program crash
      PID:2912
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
    3⤵
    - Program crash
    PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45532.exe
        5⤵
        
        PID:6600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 224
        5⤵
        Program crash
        
        PID:7960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1358.exe
      4⤵
      PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
      4⤵
      PID:8184
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
      4⤵
      PID:10136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6332.exe
    3⤵
    PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28970.exe
      4⤵
      PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
      4⤵
      PID:7536
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 224
      4⤵
      PID:9576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26471.exe
    3⤵
    PID:4928
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
    3⤵
    - Program crash
    PID:6816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41832.exe
  2⤵
  PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
    3⤵
    PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
      4⤵
      PID:6520
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 224
      4⤵
      Program crash
      PID:7888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
    3⤵
    PID:6852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
    3⤵
    PID:7476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
    3⤵
    PID:9552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
    3⤵
    PID:12112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
  2⤵
  PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
    3⤵
    PID:5732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24478.exe
    3⤵
    PID:7604
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 144
      4⤵
      Program crash
      PID:7220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
    3⤵
    PID:9916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11768.exe
    3⤵
    PID:11268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
  2⤵
  PID:4236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
  2⤵
  PID:6972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
  2⤵
  PID:7644
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19319.exe
  2⤵
  PID:9500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46036.exe
  2⤵
  PID:12064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe

Filesize
184KB

MD5
d2c73410082d5d6f6664642be0828af6

SHA1
5170327ce137445a91b7aae16438cba8c508f0e8

SHA256
db97c5d378b414f7fc18ad0dd14e081dec1d67ebca6dc7dc7ce5a381990ae641

SHA512
37a6784c0a6c405c6e90c91dcf8a65fef65c23bcc74b39018b3d7816250c176a3d1dd162e8c3ba0f5f1a46e17ce94bcc50b8956dd4da3090a386a4a845b306a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe

Filesize
184KB

MD5
713c8b44e555ed10cc7f2a5fb1494950

SHA1
8cc7efa97e0946bed91765580c266784aacb380b

SHA256
8d76e9ab0f42dfa8898b83a44b844abe0ac46738b73509abfae4c8ac52c8fbbc

SHA512
b50ffbf6e2cf66a6e63a8d5f091f05fa63eb7f5932c5378b0d180ee0186a8588ca56a200380bb9cac9074f7d1e80f14e28fb84448df2ccb9576aaec6bcd4c1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe

Filesize
184KB

MD5
b16fe46eeed73bf444b4aa6c97e1f575

SHA1
479ce90eb1408a6c0001fe0963f17a562157df92

SHA256
90dc4de05549e2baa7e33c5e059c7f9d6b66f5b0bb0b6d3a0d6a335720aa2da7

SHA512
c531e619d47ee93d949c0fdcb9597eaa7ea50b62284ab62a99a5a43a8c4fd5e8ca7259d0ae62413710509acebcc481010ab1f9bf73f5d39b0dfc47f41f0d3e03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe

Filesize
184KB

MD5
e06444c7b8aaeb4c446688880fd1d379

SHA1
75e14ce1b19f5addcfd76a7790550b35f7dcd67d

SHA256
a8d6dcf7a4d1bc39d47dbdc6e97fad004330f34975778cf17931321545bfd05c

SHA512
6afad79b77816822ced6f8630d249d5e9ae6cd2ee552d7192cfc1e5af4118be8e6189013d86071b2f28cf2949bcbdbfe8b94b7fc8a1e60ebc161f90167c5080d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe

Filesize
184KB

MD5
d1791704f4a193216021980575973bfb

SHA1
2b89c2cc3b0664c064b477d4e16e9fe3d484db6b

SHA256
98ac0f8bf2506a8d83df2c5b603731dd9cb457dfb5964a9b23eafb0759d8884c

SHA512
c36371d74d4b69d61fcaf9c8b9120fea70cba8465237508acca265cc70b61a96d0d957d4e1db9cdeed0e03824f08a1c2f7198d8f9f838fa8d7e3ba54c22174a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe

Filesize
184KB

MD5
76eb7de3f6d82db9a2ed068be6f532a1

SHA1
592d53ae8bce2c89afa6884a3d3254c2cc0b1e55

SHA256
a988a4d36f19d5214d84b516b16abbef8cca0d3b4b4996a016f481ce938e69e4

SHA512
ac0eb023a9b42bf947a0d2d13630c1b987e52871f0cd28d497f3a76a108297527e34f59df2dc1b2be5a2ecc3a241b9904a97c844ff477db475536cda30ca6f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe

Filesize
184KB

MD5
bb536240b6681c80c75dda3a10d498d9

SHA1
c609ac7f9467010007308c16002ea57b58e88fee

SHA256
f7bd548ff2d782ab5283652c360fdae6f6c37973c7c00b43b300f2d6f60dd945

SHA512
8e279427c60b0af09579e54821fea96d13ef0253405634458f3434d32da13f38a8fec154260f7067303baf622f8f8d5ca0f1c4714bbf92cbb4ee85a2d852d1cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe

Filesize
184KB

MD5
d9bd4510790ee79d8790677fdb4808a7

SHA1
580014798f520afb5502c5b7dffd9c437cf8b6f1

SHA256
68239422d96533860557bd29157ad10e7f1e6478b97a64462ad8cd3572a7ea3c

SHA512
bd34e169573a33c30bb69f4bc962aa4740258eac8cbf8fb253b507cedc54a266c34183ac49f2644ffca76e07d26d4db564074997925a9d4550b9fc9089600e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36615.exe

Filesize
184KB

MD5
15f88d9059036800f537763b0e675bd1

SHA1
b9cb169a9eaa6f1d90735fda3e3c5caa0c53d54c

SHA256
9750b0ae9dd69fffdc11ae4fbd1b8d7f481726cfaa22e5d0dfad37fca33bf360

SHA512
d13452d17b44c1b57123407ccb888478d826080d399f39da7dd82d93cbc6bc4f3fd6b2f787c5a95bf38e5fcc7bb0f7c1e93d38464d5e20af08e5b9cec78b2677

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36730.exe

Filesize
184KB

MD5
1e027edc9e523bd4838837067c8c74fe

SHA1
8f3e8738770b6d60e7a42fbf3e4a996102680556

SHA256
a0c5dc4e3a466ae20dc90d1f131d7cb3f20f93c94e92f8d00ab3c21f40b0c307

SHA512
8b61c6be204590b80b291528941c0ee293793f733d7336511bfdd142cab4811edaac8bc2cbace16e32712c4945739f98a2ad9c328fdb3e78e2aee312dbbe9f82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36788.exe

Filesize
184KB

MD5
aa5226e9c3c9acd069cc31efa8def568

SHA1
31a60da956460ed6773002ac9a30edb6c0c8690b

SHA256
e7e87da9f82b2aed884745780d7e54f825c17d323a60086feefaa5c45fc7ee09

SHA512
9941667106b7fb2e10bf31faf45f1297b93d6b34db17d26c48a0e6e39336e25d585fffcef8b7bab014a9ea7cb438d0df777c510ad85f6c7b0462b2d87c2eaf95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe

Filesize
184KB

MD5
22dbd26aad19404b520336de4da76d5a

SHA1
af1c3aa5b8fe535a661d6e4cc49629fab0883872

SHA256
248a7724b73da11082bab5b9daf32faa6f8b1ff5a19b3217e3247c4d8ed45d9a

SHA512
4b2604303147f6a56bf968bab5239b01876e6563fcd3f7be22a5b8398708f9c223fa0e9a1b06fa33b5f1d4299fbe64cfe4229574de212437db53e7acd92e4360

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38728.exe

Filesize
184KB

MD5
0a3c53b543e721e96489992c05888f94

SHA1
4aa1550466f1b75c2abd334195cbc15aaa619848

SHA256
2a0741c059f9b6c6d3d4c1b483071ddfdf66773f633542087d095e28f3a0a6f4

SHA512
939b9a31819b3d8b05c5684e9189f47f6aeb42e5b7069659bc58a2f81a6bfc63db939447c6437777ac6e19b4c21942d94b666383cb231970e77f9a79fc41716a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39457.exe

Filesize
184KB

MD5
21040ca4727736f33b7be3545efebd72

SHA1
c8b7c488c4c8d8f230593f39052f18aa6b7d2fe8

SHA256
2acedeeb955b41b256c61da3f45c44d8de73f5e4a7adc371e647b4ca5488a378

SHA512
100dbf6da99d3c60a7b655446b5f274a0db8f5b661b40f91702de5c3ccf256a69511c930f18fdd09c217faceda7f31a489f418c3f736331637aab58acb82b93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe

Filesize
184KB

MD5
9db8258a05d7085e81c7930f1bf7eda8

SHA1
6bec67df106b2916be84ba85121a81c9e168f9d9

SHA256
19ffa1fc1b5accab755ca99bd28171966f7b791cf76979c8efdb1b0ab8d4b23c

SHA512
36434ad55b71ad910cd305f280237efd562210229f2b862fd8abd534b3c6fe45ae21451a808a443052483f3678b5085bcfd76ad50673cdac41a6a6f7ab5741d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe

Filesize
184KB

MD5
be5ad4ff1cfeca2a33eaaf989748f925

SHA1
ef4c7afb771a20d889e96c6aef761163ba990070

SHA256
6f1745b49b883a753a4082c53f38a6a982acaf82ada84b5dd4e96f465652065c

SHA512
4c50c4c735954b5f29ca279e0e29832ba45f3ddce8743978062a0b9afb523d445f10a2ae915d53491b6587afeb8061da75373d9c5e0cbf234bcac45829af212e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe

Filesize
184KB

MD5
e7265a93fc189eddb1b68cd117fcd5fe

SHA1
3c2fc1986cd5538d56fd940da1de76b7f497eab9

SHA256
259dc73894332a1101d5d72dfb23393e74626e8cd16b759ab67c252fd9506890

SHA512
3d585e4f25e266d283971405bb8552429b45487843d9f6d342cc3fa31eaa99a2aec077d2efd68c862239d9e4fcbf7a4552575354f860c81a4a8724fe5906991c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe

Filesize
184KB

MD5
2a67b10caf0a144194b1ef55df5c67a1

SHA1
06155d3ed8c463831fca177fad16e09a72761f34

SHA256
005a05e7238f786b83cef895cf24f44d13a41fc087cb1a702d9f7928ba6a7056

SHA512
1c7743a27307ecd82cfae45741c64bb602427c956681b3b231204b82faf8c89aa07172bd2139890a5311854748efd6184f137a995f81bbe9c48ec91699966067

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe

Filesize
184KB

MD5
6dd0c0c23ca957f3cae7363f02894e53

SHA1
840efc1cb7157bb7dba9d7f53dd4966713f00cd2

SHA256
31c5dd7321e3ebe646b478e7f7a815cf9264fbb656b2086affd2437bcd4e98ff

SHA512
e12d8882dc4911b79826802babb397c20e15244adcc2afa888cb34c1a49bcbffb764b14c1d68d5c461538b51dae5d6beebc33d4e03499ba8a0f0f9ea3b64ca7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48591.exe

Filesize
184KB

MD5
0bfe05147f118fe7260f14d406f6dd3e

SHA1
d135d2a98953bfc71966d8b7a5b9a25b7d82d76a

SHA256
d4cec38738d79124a0bea0b38107aef10cffa662fd03e4e912409bea8482dbe2

SHA512
89934fd21b17ddd9b446585aa6baf1f0d9ab44a5c437dfc0cc6e0f95cd293129624e7fb01b17162b6b76d6bc20d4098b766aa3b51ec9a40c6b4553d369e564ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe

Filesize
184KB

MD5
7068537ba877423c7ada8962ddf17551

SHA1
d1ea0fef8f2aa230d57c81283e9f7c58a56655e4

SHA256
97ec828897c1dc25ee80560c594f2f07b501697b5250053b1519dcca59a16da5

SHA512
9290a43667323350a4553846298b89dbda09f57e2e0a0aed1bbf5cbc854fc9e1a5a17f16edb9482c23ea532cd857a2d5dfc539b50f4cf84d6521ef2b5a5ee40d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe

Filesize
184KB

MD5
df445795cb8ad09dd2288ccc10f6bd04

SHA1
ef5f7deaba4c0c21d509a5e6b5aad03bebcd37e7

SHA256
f8f0762f3a2ab7fe8e052a576b1c09d31031b00d72aacb1e9708118e8ce61021

SHA512
75332ab5eaf9bec14c1c4ea72b114e0f01fbba3310771a4f18a88722867f89e6fac64b11376c06ad61cc53f7c9474fd07e3c25398fb754b0c4d60c9567126350

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe

Filesize
184KB

MD5
8c24386289c5e46806e0eb41ae5b9561

SHA1
2a4dddc7ae5338261fd338ccb47411e7156ce2a2

SHA256
ec723576354d15dd9f695418d53902c398f008bd6e0db8f30fe2ea5ba965e5e9

SHA512
d0546e8d274029de82973ac06fcca23618e2477e18849e524b4ecdfdb41d571aae5bafad3775b9255c3cb78d2a4b2f231667d4cddbaf058ab9c3ea3eb776d993

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe

Filesize
184KB

MD5
71fe2d245342fec35e7867a3021ecb52

SHA1
9a53b30923e70ab5c7516e8d91ede56e4d521439

SHA256
b887fbce85c4ed600bc571f90713ecafe51d7f163e7d8c7c50263971fbbaa3e3

SHA512
b70130ab900b9544b26d0871db5dc9aa3c6ec2adefbb8781274d40ff0ca628756fa51341f4c65a79797e1e9c6a119825e4848b906bf8ac6555a0c58236d4e136

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe

Filesize
184KB

MD5
138ceb56b858235976cdd8121350fd82

SHA1
148857f9064f5b2fed247199f3955829642c08a3

SHA256
a143413ea29b34cd5282e6e1b1a514e41902e6c7462deab33636a03ac50e7cfa

SHA512
0a1d1fc00c18da34e745b96d58e7a52507cc1883a4f04d91e2db9909d34c43e5dba4839e6a345e80f0c9d9cd7117c125de3179267ae821a3b04b78d7dae8cdb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe

Filesize
184KB

MD5
7903d210793c6fe041c29e488464f7d6

SHA1
e92ca614f505884a466000272bcb10ab76d17de1

SHA256
ed3f059e917dca941179131b9a88ab172d82835cea33d852a77f84ace97f29a6

SHA512
9fc9e956de7dd2c9d656a4edfa2f6179fb423291d440048fc3703e1dd52ff9fcc5be7c96bfa7deec61d40bce9511ec6c27fc2ed5cda2e8ad90db2f0cdf19713c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe

Filesize
184KB

MD5
2bd6f12dddc7e8369365a5594c8398c6

SHA1
e5ddd5215871c2b5121497c52ce84bffac574078

SHA256
9331de5344a1fe2999d9ad60884ff8656d8e6591bff841c4ac1b98e5c3511fb4

SHA512
c39cbe130f5edcdd47da1786a5bba1e5fdfec39e7666be96c8550bb09d793c4a5ce305d2d3650d930372ce7bfb7a321a1a2af957cfb4d298ca3d12f707976767

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe

Filesize
184KB

MD5
760d620bb0884b578a0bd3aa20094e0a

SHA1
0a9b6d873fb4009f9ca62bfed3d01d56a8124356

SHA256
977263a91a3b5d8c57834a9008ebdb4111dd583a0508f96551de5fc091df8e41

SHA512
8498a32727520b49935ba1869eea665fe5cc00ea7a04c9e2529c4928b5d213150ce92d741a0bbd756ae351fca032d089670be0391b5c5eaa765e0ace5598677c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe

Filesize
184KB

MD5
ed6ef1619fb1817dc2b352d0e2bd5ef5

SHA1
2b764274d9249ff61c6fe6df7b9208b7d4a48222

SHA256
cd6fd9f313ed0dda0de2960fb0acc3851192fe917103ddd141da7f04a0ee5ec9

SHA512
bddddf471e11a415bb070a1c25895f16060e24b3f08b131dac85de1592f4c59287e224b4ced1593892c93fc7c81a6e480bb1ce960f506410d73d2ed15d90150f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe

Filesize
184KB

MD5
a3d9cd3e826cb34852404f9d84baf4e8

SHA1
d3d702d0f08e35abca26f6fe8deaf02c391892b2

SHA256
e16d48991a20e259b18cdacc31f5d7a4ed5135f9bb97cbf02cc5128726edf10a

SHA512
763ec644a1e3210ead70d9459e43b4f6da7f5aaa3c321716349bfe8dd642fdcfec24f5930c11a8c90c98b9f51286259254ea6676e36e0bfe3013b92408dde4b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29504.exe

Filesize
184KB

MD5
49f7212a21efa6b5fd90b4750d74ec3a

SHA1
57bdd2306aa99cdfdc12baaa71d280710a9c1b27

SHA256
2abd11a58217f3e92dde5f6a2b309719d3632e5b1eb149d3a0220ccf4864a727

SHA512
2e2856f5ef0c3314b59f3be0842b3bc52efeba8b75d9409c9fc526ef3d5a2fe3a83b1d41bd5e68a05472d356d88a2f49ebedf6d6e9217f9fdce9aa17c2b09f67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe

Filesize
184KB

MD5
1af6ddd663e445fafe9e633bace1ef23

SHA1
4ce3edd19a8164e6ca9304d7c385b3410e5450da

SHA256
4a6dba079c213e378056f55f2a2abd11725cf7e67759089c6f2d722d9970728a

SHA512
8fe6c9b64830ec75028042b34c005e4468bf41979cb29cd58090f6ec8bf8356c69528a9ae09e3af051af290409a43d3760f97c9f26d5ff486e90c7e9f05ae867

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41114.exe

Filesize
184KB

MD5
1c5ef54b31a6a8ae0a52eb032e295744

SHA1
ced618ae66d88b4bab585fc0bd40ac20d616c70a

SHA256
a3d834084aa0539fec9a59c0f387d2f73e234b81e32d2d7463ec1c23c7d3b5a5

SHA512
a2f35759d0f4b5d7bfb0d70f93dfed862359b0c1fbe573c37bcba99e3cb035ba428720c38eb1e1f7fed01946eaee0279bc4d5287ca7468265409fe3f10a6a74a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41434.exe

Filesize
184KB

MD5
e2ec99ff66706c6bbfbb3c9367bd9774

SHA1
0d1ec50437cea61ec715e0fcd43c1876d696c217

SHA256
7754b022f22cf678f9e2e506fab66bcaf97e8b227c3d5f1afa8200106a6c02b6

SHA512
5c1c1489ce1bfc94279aacb58291418270d2d19a4f0f13b512466c7c9b58abb9316da406db052ee6f94f0f1b35a986dc9d571e48c9d71211f02e58b02ddb29c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe

Filesize
184KB

MD5
37c4725f0a7eca1074b44916dccfe0f5

SHA1
720d947d01484dc5daa3dc2755dcd12e4fdef8ce

SHA256
0e2fe04d5a99c6449e4fbe6574afbc4223191cca6f4f1aeb0bbc9f4c04e74c35

SHA512
59b2e57b823f2515b9de0ca6621c12296fd48bdef46ec457b83cc1ba0a38e8f7719d58edb53eaf057078f93d25d564b88391ecd93b953fdeb3f49476fdedd86d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49370.exe

Filesize
184KB

MD5
8c7e5ba78038f2bd1e57ced992d41cbc

SHA1
b9ffb5c1a4299926e47dae883fa00c489d5d1fc9

SHA256
fc113a8186956461c3f1072dfd3bd888d6978fe26f09de336fd2742721a0b199

SHA512
579348f1046ce8a45a2c60843e36291eb529620b9dda649fc7587b7e5f35b413a55dc5bc394352f3eebf96b313cb23eb567f5ce15287b0287babb57f76c76e39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe

Filesize
184KB

MD5
5cb1c3a4252fb4536118c3eb80849293

SHA1
0a66b294e0ff9983befd88c545e970019410112e

SHA256
f139a7982a44bbc25bc03464de3390dbab65b4c136dfe7fa68234408716fd6e7

SHA512
4f8872813feef36abbb1ae91fd018c8ef8e2f2acf8ba9abd7db2bf6b9f0842aff627d0f30599a2a733db8dc85140d68022672b9aa5edde263db38f1d95695197

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe

Filesize
184KB

MD5
a40bba575f855853892caeb37c32d920

SHA1
88442711eb4f18cf13617499f51098e148e0af05

SHA256
ae706e3a84857c605481db6d4eda4b49831dc26b7ef858f98cf27d821d88cc3f

SHA512
7ccd63baba9bfb215f380e95432a8d2bb92908bcde824f9db8866f68a8ace51928e180d4f7abf1ccb0f7f5f6f5aec8883827b1a1cb959a151ad27400b0a25e2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7081.exe

Filesize
184KB

MD5
dbcb4b57acbe17514b595f85687baa9f

SHA1
1b98d482179c6b0159a36b4617f3f1519d047b00

SHA256
5a185387b77ff6c606bd3dcc3ea4737b87258cbf3409a18726316b1ed652be7d

SHA512
3db62fd3e9fec85c11f4fb0fd368f7eea71de512927629d6fc08cf715576901f2db530111a1fbc42ec16f980d68a9520c92066b65bc712b6f0dd6fdd25348939

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads